If you look at the Dimdim offering as it stands today they already have a Free, Pro and Enterprise offering - and in my experience the product is very stable and works. Frankly I don't know anymore what the word "beta" really means since we all see so many Beta's (mostly from Google) that are so good. Remember GMAIL is officially still a Google Beta.

That said the move to be out of Beta is a symbolic move at the very least and shows that the market and technology for open source conferencing is a reality. I don't know what else Dimdim plans on announcing on December 3rd, though it's likely to include some additional features that help to further its mission and its competitive stance. This is a market in which Cisco's WebEx is the giant, so Dimdim will need all the help (and features) it can get.

**UPDATED** 1 PM ET ** Got a comment on this post from Kevin Micalizzi, Community Manager
Dimdim (thnX Kevin!!) that provides some additional details. Click on the "comment" link for the full entry but here's the gist:

We've improved the user interface based on customer feedback, improved
recording & archiving, added some new meeting tools, and my
personal favorite -- we're introducing synchronized web browsing. This
will let you navigate the web from within Dimdim, with your attendees
following along as you click and scroll.****

**UPDATED ** DEC 3RD**OK as I expected the release is not out. Officially titled Dimdim 4.5 (codenamed "Liberty") the sync feature is now officially called,SynchroLive. According to Dimdim's release, "the SyncroLive Communication Platform automatically scales its performance to ensure all live communications are synchronized; whether sharing the desktop, webcam, PowerPoint, whiteboard or web pages."

Dimdim 4.5 also has integration with Zimbra (no surprise), Moodle and SugarCRM.

Regular Google Chrome users to date have often boasted about Chrome's speed, but you've likely never seen any boast about its ability to handle bookmarks. That's because until today's update to Google Chrome 0.4.154.18, Google's browser had somewhat 'limited' bookmark manageability.

The new bookmark manager has import/export functionality as well as search, folder creation and drag/drop for management of the bookmarks.

On the security front Google Chrome 0.4.154.18 has at least two important new updates. For one, all all configuration options for external service data are now in one menu in the Under the Hood tab. Google has also provided a security fix for an XHR (XML over HTTP Request) issue.

"This release fixes an issue with downloaded HTML files being able to
read other files on your computer and send them to sites on the Internet," Matt Larson Google Chrome Program manager wrote. "We now prevent local files from connecting to the network
with XMLHttpRequest() and also prompt you to confirm a download if it
is an HTML file."

That's a scary bug - and sounds a whole lot like a derivative of the drive-by carpet bomb thing that Aviv Raff found with Safari earlier this year (but it's not).

Oh and on top of the bookmark and security changes - Google also updated their browser's JavaScript engine V8 (the root of Chrome's speed) to version 0.3.9.2. So faster, more features and maybe more secure too. Google isn't pulling any punches on Chrome is it?

Worried that Internet Explorer is less secure than alternatives? Eric Lawrence Security Program Manager on Microsoft's Internet Explorer team argued on a Black Hat webcast about Clickjacking that Microsoft is not to blame.

In fact, Lawrence essentially argued that it's the browser add-ons that are where many problems are.

"One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore. The browser is becoming a harder target and there are many more browsers," Lawrence said. "So attackers are targeting add-ons."

He added that attackers are finding add-ons with high market share looking for vulnerabilities and then exploiting every browser through the add-on. So in Lawrence's view - whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flask, PDF, QuickTime or another popular add-on (sometimes also called plug-ins).

Microsoft's head honcho on the Internet Explorer browser - Dean Hachamovitch - has revealed the plan for the release of Internet Explorer 8 (IE 8). IE 8 is currently at its Beta 2 release and there won't be a Beta 3 release. Instead Microsoft is planning at least 1 release candidate which should show up in the first part of 2009.

"We will release one more public update of IE8 in the first quarter of
2009, and then follow that up with the final release," Hachamovitch wrote. "Our next public
release of IE (typically called a "release candidate") indicates the
end of the beta period. We want the technical community of people and
organizations interested in web browsers to take this update as a
strong signal that IE8 is effectively complete and done. They should
expect the final product to behave as this update does."

Considering that my colleague Andy Patrizio figures that Microsoft's Windows 7 will be out in the June timeframe of 2009 - I would suspect that the final for IE 8 will actually pre-date the Windows 7 release by a short period of time.

Perhaps more interesting is what a Release Candidate actually means - which is a feature freeze so that the stability and bug issues can be resolved. That leads me to believe that Beta 2 is pretty close to what the final will be so it's likely a very good idea for developers to make sure that their sites are IE8 ready sooner rather than later - but there is still time...

On the competitive side of things, Firefox 3.1 Beta 2 should be out tomorrow (Nov. 21), a Beta 3 is likely to follow - so I would expect final for Firefox 3.1 in the January 2009 timeframe. So if you're developing for Firefox you likely have a little less time to get your house in order.

Mozilla Chief Wrangler Mitchell Baker today reported Mozilla's financial position which shows 2007 revenues of $75 million up by 12 percent from 2006 revenues of $67 million. Though Mozilla is on the upswing, Baker's report shows some areas of potential future financial concerns.

As was the case last year, the bulk of Mozilla's revenues came from a search deal with Google. That deal has now been extended until November of 2011.

As part of the deal Google pays Mozilla a fee every time someone does a search using the default Google Search start page that is included in Firefox.

An interesting thing to note though is that there is not a 1:1 correlation between the user growth for Mozilla Firefox and the corresponding revenue from Google. Baker noted in her report that, "search revenue increased at a lesser rate than Firefox usage growth as the rate of payment declines with volume."

Another interesting item in the report is the fact that Mozilla expenses were up in 2007 by 68 percent over 2006. Approximately 80 percent of Mozilla's expenses come from its staffing costs. What makes this really interesting is that Mozilla even with more paid staffers is still getting the same proportion of its code from external (i.e non-Mozilla) contributions.

"The percentage of code contributed to Firefox by people not employed by
Mozilla remained steady at about 40 percent of the product we ship," Baker reported. "This is
true despite a significant amount of new employees in 2007."

Last but not least, Baker's report reveals that the Internal Revenue Service, the US national tax agency is reviewing aspects of some funds generated by Mozilla. Baker does not specifically use the word "audit' in her report.

"We are early in the process and do not yet have a good feel for how long this will take or the overall scope of what will be involved," Baker commented about the IRS review.

Nemertes Research is out with a report today with some dire predictions about the future of the Internet. They claim that Internet demand continues to outpace growth in network capacity at the access layer, and IP addresses are quickly depleting.

Big surprise.

Internet address depletion - specifically IPv4 has been an issue for a few years with most estimates placing exhaustion in the 2010-12 timeframe. But it's a bit of a myth in my view. Just because there are no more IPv4 address blocks to give out doesn't mean their aren't any more addresses. For one, I've heard from carriers and others that there are a good number of unclaimed/unused addresses that could be reclaimed. Network Address Translation and port forwarding continues to amaze me as a way to deliver traffic to many people from only a single IP address. Then of course there is IPv6 - which is slowly making its way into the carrier network and could be used in a dual IPv4/IPv6 stack to help alleviate any address concerns. So no the address sky is not falling and the internet will not stop working in 2012.

When it comes to bandwidth, the workhorse of modern networks today is either OC-192 or 10GbE. OC-768 (40 Gbps) is a bit expensive and adoption has been slow but it's out there. But by the 2010-12 timeframe Infonetics Research is already forecasting that 100GbE will be gaining big share. That's 100 Gigabit Ethernet and that's a lot of bandwidth (10x the modern workhorse).

So is there a bandwidth crunch?

Of course there is but it will be partially solved by 2012 by 100GbE.

So yes there are issues related to address space and bandwidth capacity that we need to be aware of - but the sky is not falling and there are real solutions to these problems that we can already see today.

Metasploit 3.2 is now out - but don't be afraid of it - be aware of it.

Metasploit is an open source 'toolkit' for attack code that lets researchers test out vulnerabilities. Back in October, Metasploit founder H D Moore was in Toronto talking about the release describing some of the 'evil deeds' that the new release would bring. One of the key things is that Metasploit is now available (again) under a bona fide open source license BSD.

On the attack side of Metasploit 3.2, the stuff that interests me the most the most is the new browser auto-pwn module.

"Metasploit contains dozens of exploit modules for web browsers and third-party plugins," the release notes state. "The new browser_autopwn module ties many of these together with advanced fingerprinting techniques to deliver more shells than most pen-testers know what to do with."

Metasploit has also been improved with new JavaScript
obfuscation techniques that could lead to a
greater degree of anti-virus bypass for client-side exploits.

There are many exploits and vulnerabilities reported in any given week and to be honest it's difficult to know sometimes what is serious and what isn't. With Metasploit it gets easier to figure it all out. In my simplistic point of view if a vulnerability can be 'weaponized' into something that Metasploit can exploit than it's something that we should take note off. In my opinion, Metasploit makes security better by helping to show where it is weak.

So if you're a security person, this is a tool for you too, to help you to harden your own applications and infrastructure. The code is all open source too which makes the whole thing a tremendous learning resource.

The open source Zend Framework 1.7 is now available expanding the PHP framework to work better with Adobe Flex and AIR applications. Adobe and Zend announced back in September that they would be collaborating for Zend Framework and now they've delivered.

"Adobe and Zend have been working together to make Flex and AIR application development much easier for PHP developers," Zend co-founder Andi Gutmans blogged " This announcement marks a significant milestone in those efforts with the production release of the Zend_Amf component in ZF 1.7. Now PHP 5 developers can use the open, binary AMF3 protocol (think of it as ActionScript's native tongue) as easily as any other server-client protocol in Zend Framework."

Action Message Format (AMF) is the protocol that Flex uses to talk to the back end enabling both Flex and Flash based applications to exchange data with servers.

The Zend Framework 1.7 also includes some other neat features that PHP developers will likely benefit from. Among them is the ZendX_JQuery module which provides integration with the JQuery JavaScript toolkit. There is also support in the Zend_Search_Lucene module for indexing Office Open XML documents which could be a very useful thing too.

The 1.7 release comes just under three months after the Zend Framework 1.6 release which made Figlets into something useful for CAPTCHA (if you haven't read that story, you should). Great to see that regular progress continues to be made on this PHP framework. It's something that continues to re-inforce the fact that PHP is still a very modern and capable language for web application development.

Gartner has a report out today claiming 85 percent of companies are now using open source. It's a funny number in my opinion since the reality is more like 100 percent.

If you visit a site that is hosted on an Apache Webserver does that count? If you use Firefox does that count? If you use a program that was built with GCC (and many do) does that count?

Gartner expects that it will hit 100 percent in the next 12 month though. The more interesting part is that their survey found that 69 percent of companies surveyed,"... still have no
formal policy for evaluating and cataloguing OSS usage in their
enterprise." That's a big deal of course and one that vendors like HP, Black Duck, OpenLogic and Palamida all have developed strong offerings around.

"Understanding when and how an OSS alternative may
be used is a frustrating process, especially when there are so many
license types and forms from which to choose," said said Laurie Wurster, research director at Gartner in a statement. "As
time goes by, many of these concerns will be addressed, but this
continues to be a slow process. Increases in OSS popularity and in the
rate of OSS adoption will drive the required changes."

The obvious question - is if Open Source Software (OSS) is so frustrating in Gartner's view - than how do they explain that 85 percent now and 100 percent within a year are using open source?

According to a new study of adult U.S. Internet Users on Home PCs, May - November 2008 OpenOffice.org is more widely used than Google Docs.

The study from research vendor ClickStream reported 5 percent usage for OpenOffice and only 1 percent for Google Docs.

So does that mean OpenOffice wins?Not quite.

Use of Google Spreadsheets was 3 percent (so that narrows the gap). Overall Microsoft Office dominated the field for productivity applications with 51 percent for Word and 26 percent for Excel.

Though Microsoft dominates, it's still interesting to see the relative performance of OpenOffice. According to OpenOffice.org, the 3.0 release which came out just over a month ago has had over 10 million downloads since its release. Sure that's still not a huge number for Microsoft - but a non-trivial number nonetheless.

Dell CTO Kevin Kettler is leaving the company in January of 2009 after 13 years of service. I had the good fortune of meeting Kettler twice - once in Boston and once in San Francisco. In both cases the event was a LinuxWorld related activity.

Virtualization with Linux was a key theme that Kettler talked about in both cases. He saw it as a way to help drive efficiencies even though it could ultimately mean fewer physical boxes.

Times are what they are and everyone in the economy is now struggling including Dell. The difficult economy has many casualties, both direct and collateral. A Dell spokesperson told Reuters that, the departure is something Kettler had been working on for some time.

At a Boston Dinner with Kettler in 2006, I remember Kettler talking fondly of his BBQ. Sure it was an informal moment, but it's stuff like that which provides insights in people's personalities.

Though Kettler is leaving Dell, I suspect that Kettler isn't out of the game entirely. He's too young, too sharp and too skilled. If I was a betting man I'd bet that we haven't seen the last of Kettler - though I do suspect that his BBQ will be getting a serious workout in the weeks ahead.

I love the Session Restore feature as I'm the kind of user that always has 10+ tabs open all the time. To think that it could be used as a vehicle to exploit me is "interesting" to say the least. According to Mozilla, as a result of that flaw potentially, "any otherwise unexploitable crash can be used to force the user into the session restore state."

Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Shortcut files?! Really? Mozilla only labels this flaw as "moderate" since they view it as being a little complex to execute.The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.

As part of the update Mozilla is also updating Firefox 2.x to 2.0.0.19 though it's clear that the Firefox 2.x's days are numbered. With Firefox 3.1 around the corner (the Beta 2 release is likely next week now with a test day scheduled for Friday), it will soon be time for Firefox 3.x users to upgrade too.

InternetNews.com has learned that on Tuesday November 18, Ingres will announce its new open source database platform. The announcement is the first big database focused announcement in nearly two years from Ingres.

Did you even know that Ingres was still around?

Ingres is a database technology that some might have thought was a relic of the past. Ingres has a long and storied history dating back to the 1970's at the University of California at Berkeley. In 1994, Ingres was bought out by Computer Associates which owned the technology until 2005 when it was spun out and taken private.

During CA's ownership, Ingres code was open sourced under a CA open license in an effort to help spur adoption. . At the time, my former colleague Clint Bolton called Ingres CA's, "...long forgotten database software." CA tried valiantly to get interest in Ingres at one point offering a $1 million developer program challenge.

In 2006, under the ownership of Ingres Corp, Ingres released its name sake database under the GPL which was one of their last major database release events. So the release on Tuesday November 18th will be a big deal for them.

Whether or not it's a big deal for anyone else is questionable.

In the open source database world I hear and see MySQL and PostgreSQL all the time. PostgreSQL not coincidentally is a descendant of Ingres. Also known as Postgres which literally means Post Ingres, PostgreSQL was born in the 80s by programmers at the University of California at Berkeley. It evolved out of the first Ingres database.

Beyond open source database competition, there is of course Oracle. While Oracle is not technically an open source vendor, they are open source friendly at this point in time. Oracle has its own supported Linux and is active in a dozen or more open source efforts.

That said, Ingres claims that they've got 10,000 customers though which is no small number, so maybe I've been missing something.

Will the new Ingres database make further inroads into the market?

Tough call, since switching databases is no easy feat and the competition is so very tough, as is the current macro-economic environment. Still, it's interesting to see what many see as a name from the past re-invent itself and continue to evolve in the modern era.

For nearly 1,000 years ancient Rome was the capital of the Western World and as the saying goes, "all roads lead to Rome." Today some 1,600 years after the sack of Rome by Alaric, ancient Rome is being reborn with the help of Google. Google Earth now has a Rome 3D layer that lets you see the Eternal City as it would have been in the year 320 AD.

In my opinion this is an astonishing piece of work. Google has done other great mapping kind of efforts with the stars, moon and mars but ancient history is a new thing and Rome is the right place to start. Aside from seeing the ancient streets in the movie Gladiator (Maximus! Maximus!! Maximus!!) this is your best bet. I can see it being useful for students of history (casual or professional) as well as yet another example of how Google really is everywhere in both space and time.

What fascinates me most about this project is the accuracy of the
details of the three-dimensional models. It's such a great experience
to be able to admire the monuments, streets and buildings of Ancient
Rome with a virtual camera that lets you go inside and see all the
architectural details. From the Colosseum to the Ludus Magnus, from the
Forum Caesar to the Arch of Septimius Severus, from the Rostra to the
Basilica Julia, you can get up close to them all.

From the "why pay when you can get it for free" files:InternetNews.com has learned that Sun is set to release StarOffice 9 on November 17th. StarOffice is Sun's office suite offering currently based on the OpenOffice.org code base. OpenOffice.org itself was originally based on StarOffice which Sun acquired back in 1999.

OpenOffice.org is free (as in beer and as in Freedom) and is also offered as a supported commercial offering by Linux vendors including Red Hat, Novell and Ubuntu. As far as I know StarOffice is not free in the same sense. The current StarOffice 8 is being sold by Sun for $69.95 and the licensing terms are not quite open.

StarOffice9 is expected to include Mac compatability, new new add-on support, Weblog Publisher and Database Report Builder functions. If some of that sounds familiar it should - it's a similiar feature set to the one in the recently released OpenOffice 3 which came out last month.

There is of course nothing wrong with having an open source verison and then a commercial version of the same software. The common argument is that the commercial versions of open source are more enterprise-ready and includes additional stability testing. I'm not so sure that's still the case with StarOffice, especially in light of how far OpenOffice.org has progressed. If you look at Sun's own current list of the differences between OpenOffice.org and StarOffice the list isn't much.

Is there still a need for a StarOffice? I suppose Sun still has legacy customers and there is still brand equity in the name. Beyond that I suspect that the future is all about OpenOffice.org.

Linux vendor Red Hat is expanding its Board of Directors with Micheline Chau, President and COO of Lucasfilm Ltd. Chau has been in her current position since 2003 and joined Lucasfilm back in 1991 as CFO.

What does this mean for Linux?

Well the obvious item is the fact that Lucasfilm is a Linux user. Secondly it could mean that the Force is with Linux (literally). Beyond just making movies Lucasfilm is also involved in animation (current Clone Wars show is one example) and gaming.

On the speculative front I wonder if this new board member will mean that future versions of Red Hat or Fedora could pull their names from the Star Wars universe (much like Debian pulls its release names from Toy Story). How bout this Fedora 11 the Yoda edition?

Try Not Linux. Use or Use Not Linux. There is No Try. (ok maybe not...)

Firefox was an early adopter's choice and far from the mainstream. Tabbed browsing was a novelty that few had ever experienced and the idea of add-ons/extensions was also relatively new.

Can you imagine using a non-tabbed browser today?

Firefox 1.0 was the first big release for Firefox, its first major milestone. Since then we've had many releases - more security updates than I can count and major versions in Firefox 2.0 and Firefox 3.0. It's been a steadily forward development path that continues even now. This week we'll see both a point update with the 3.0.4 release and a development release with Firefox 3.1 Beta 2.

Perhaps more importantly is the fact that the Firefox 1.0 release re-ignited a new age of web browser innovation (some call it a second browser war) where we've seen Microsoft ramp ups its efforts with Internet Explorer version 7 and the currently under development version 8. Apple Safari, Opera and now Google Chrome all have skin in the game too.

Wait a sec, isn't that the same future that ICANN has been talking about for the last 10 years?

Things do tend to take time at ICANN in my opinion. The overall confidence in ICANN moving forward is also something that the National Telecommunications and Information Administration - NTIA (that's the US President's principal adviser on telecommunications and information policy) is questioning as well.

NTIA chief Meredith Baker
addressed the ICANN event in Egypt and made clear her thoughts.

"I have long thought that a stable and independent ICANN could only emerge and succeed if ICANN enjoys the competence of the community it serves," Baker said "Whether ICANN enjoys such confidence is yet to be proven."

Mozilla is set to release Firefox 3.0.4 on November 12th. The first builds are now available for beta testers.

Firefox 3.0.4 is a stability and security update for Firefox 3.0.x - though at this point Mozilla has not yet issued any public security advisories on what the security issues are that 3.0.4 fixes.

Personally I haven't see anything on the public security lists (a good thing) - which means that (as usual), Mozilla is keeping a tight lid on letting potentially damaging security information leak out early.

The 3.0.4 release is likely to be out a day after Mozilla releases Firefox 3.1 beta 2 - which could be interesting. I wonder if there are issues fixed in 3.0.4 that are also dealt with in the 3.1 branch too.

SCO - the company best known in the Linux community for its legal challenges could be dipping into its own intellectual property well to bring back a name from the past.

Caldera.Groklaw has noticed some interesting legal filings which indicate that there could be a move to bringing the Caldera name back to the forefront of SCO's activities. Unlike the name SCO, Caldera is not a name that to me evokes any harsh anti-Linux emotions.

In fact in the spirit of full disclosure - one of the first Linux distros I ever actually paid for was a version of Caldera OpenLinux which I purchased on a retail store shelf long before the name SCO became synonomous with being anti-Linux.

Does this mean that SCO will get back into the Linux distro business? Not likely in my view. But there is a bunch of restructuring going on at SCO and it does makes sense for them to use names/intellectual property that they actually do own.

I've been following the ReactOS project for several years, watching and waiting to see how this open source clone of Windows matures.

Originally it was an effort to be compatible with with Windows NT, later Windows 2003 became the goal. With the ReactOS 0.3.7 release ReactOS is still alpha software but it inches a bit closer towards its goals.

Filesystem driver fixes, making them more compatible with the Microsoft NT cache manager

Win32 subsystem improvements and synching of most of the Wine usermode DLLs

No it's still not something that will replace Windows.

It is however an interesting project to watch and see how an open source effort can try and build something that will behave like Windows - but isn't Windows. (Sure there was a little issue a few years back about whether ReactOS had any infringing code - but the audit came back clean.)

Opera is out with a new browser - Opera 9.62 which patches a pair of highly servere security vulnerabilities.

One of them exploit a flaw in the History Search function - which is an attack vector that I personally have never seen before. According to Opera's advisory:

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code.

There is also a fix for a more common type of vulnerability too - namely Cross Site Scripting which is something that continues to be what I see as the most commonly reported vulnerability across web browsers and applications.

Every *nix type of OS has it's own little logo and a story to go with it. The image accompanying the OpenBSD 4.4 release is a bit different though, with a take on a classic Star Wars poster from 1977 (I've copied a thumbnail on the left - click to see the full image on the OpenBSD site).

But wait there is more!

OpenBSD goes a step further with the official song for OpenBSD 4.4 (yeaah they've got a song too) is - Trial of the BSD Knights which is hilarious. It basically recounts the good fight of BSD against the Evil Empire.

So being a good Star Wars fan myself let's compare the OpenBSD Rebellion to Luke Skywalker's Rebellion. Like the members of the Star Wars Rebellion, the roots of OpenBSD lay in the earlier BSD Unix which like the Republic in Star Wars was a source stability for a period of time (arguably in both cases). Yet just like Master Yoda told Obi Wan Kenobi in Empire Strikes Back - 'there is another..".

In this case the 'other" isn't Princess Leia it's Linux.

BSDs in general and OpenBSD in particular have not had the same level of attention (in the media and elsewhere) as Linux or the remaining proprietary Unix's (HP, IBM and Sun). A lack of a big entity with $$ to push the message has always been a problem. Then again, Linux has benefited from OpenBSD too, most notably from the OpenSSH project which is core to OpenBSD.

Ben Kenobi also famously said in Star Wars that,"... the Jedi Knights were the guardians of Peace and Prosperity in the Old Republic until the Dark Times, until the Empire."

Were BSD devs the equivalent of the Jedi Knights in the early days? Maybe. But times have changed much and the Empire that the early BSD devs fought against is not the Empire that current open code developers fight against.

Still all good fun to think about. OpenBSD 4.4 is a solid distribution and continues to fight the good fight against the Empire (however you choose to define it).